
Further Evasion in the Forgotten Corners of MS-XLS

It’s been a few weeks since my last discussion[1] of Excel 4.0 macro shenanigans and the space continues to change. LastLine published a great report[2] which summarized the progression of weaponized macros from February through May. The good folks at InQuest have continued[3] identifying[4] malicious[5] macro documents[6]. @DissectMalware’s excellent XLMMacroDeobfuscator[7] has massively expanded its range…

Evading Detection with Excel 4.0 Macros and the BIFF8 XLS Format

Abusing legacy functionality built into the Microsoft Office suite is a tale as old as time. One functionality that is popular with red teamers and maldoc authors is using Excel 4.0 Macros to embed standard malicious behavior in Excel files and then execute phishing campaigns with these documents. These macros, which are fully documented online,…